Position Overview

Architecture and Security in Information Technologies is currently seeking a Full-time Regular Lead, Governance, Risk and Compliance. Under the guidance of the Director, Security and Architecture, this position will be directly responsible for the creation and oversight of the Governance, Risk and Compliance (GRC) program and IT General Controls (ITGC) for UCalgary. 

Responsibilities include developing and managing the IT risk and ITGC controls framework, working directly with internal and external auditors and Service Owners, and providing technical security guidance to ensure compliance with all relevant regulatory requirements. This position involves controls documentation, implementation, and audit. The position also provides business analysis and recommendations to implement operational controls that ensure quality and secure business-driven solutions through the efficient use of processes, resources, and technology using a risk-based approach. This position will exercise a high degree of influence in the ongoing development of all UCalgary IT cybersecurity programs through collaboration with leadership.

The Lead, IT Governance, Risk and Compliance will manage the specialists on the GRC team, and is accountable for setting direction, deploying resources, and leading goal setting and development discussions for the GRC team.

This position involves a high volume and considerable diversity of work, which includes identifying and working with key stakeholders’ unique requirements and identifying technology risk at UCalgary. Problem solving ranges from routine to complex and impacts of decisions and other activities may be departmental or institution wide. Major stressors involve critical system requirements and timeframes related to technology deliverables specifically during emergency response conditions. The Lead, IT Governance, Risk and Compliance may be called upon to work off-routine hours or on an emergency basis when required.

Please note: While the University of Calgary IT team has embraced a hybrid working environment, we are not currently recruiting for 100% remote arrangements.
 

Position Description

Summary of Key Responsibilities (job functions include but are not limited to):

Governance

• Focus on the development and implementation of the ITGC framework at UCalgary
• Provide cross department support to help define Technology Policy
• Develop and publish Technology Management Standards applicable across the UCalgary community and perform periodic reviews to maintain currency of documents
• Develop and maintain governance, risk, and compliance procedures for the GRC team
• Ensure that compliance or regulatory requirements for privacy, PCI, Alberta Higher Education, Apply Alberta, etc. are reflected in UCalgary policies and Technology Management Standards
• Manage the UCIT portion of governance and oversight of compliance programs such as PCI and provide guidance on program audits.
• Provide consultative and regulatory expertise for the development and review of procedures for disaster recovery and security incident management
• Drive continuous improvement and UCalgary awareness of technology governance, risk management and compliance

Risk

• Perform threat risk assessments for systems maintained internally, as well as those systems outsourced to third-party service providers per established standards and procedures
• Identify technology risks, develop remediation or mitigation recommendations, and follow up for compliance
• Perform risk analysis for UCalgary functional areas to identify points of vulnerability and recommend disaster avoidance and reduction strategies
• Conduct business impact analyses and assist UCalgary Business Owners and Service Owners to determine and document critical business processes

Compliance

• Responsible point person for all UCIT audit and compliance programs, including PCI and ITGCs
• Manage audits of applications, infrastructure, and associated processes against UCalgary ITGCs and external Standards; document results of audit non-compliant issues, mitigating controls, associated recommendations for remediation plans and supporting documentation
• Plan, coordinate and assist with the execution and testing of ITGCs across UCIT managed technologies
• Produce appropriate and accurate materials and evidence to meet regulatory standards and audit requests
• Act as a liaison between audit, cyber security and IT operations teams during platform implementations, tool integrations and designs/modifications
• Work cross-functionally with Business Owner, Cyber Security Operations, Technical Service Owners, and Vendors on planning and implementing UCalgary specific security programs to meet compliance requirements
• Stay up to date on regulatory, internal governance requirements and ensure UCalgary compliance initiatives evolve to meet advances in technology and changes in regulations

Administrative

• Lead the GRC and Metrics & Reporting team including, but is not limited to recruitment, onboarding, coaching, performance management, and discipline up to and including termination
• Coordinate, collaborate or participate in projects as required
• Responsible for reporting key operational metrics and reports to IT senior leadership
• Help plan the roadmap and continuous service improvement for GRC pillar and responsibilities
• Stay current with the technology best practices in other post-secondary education organizations and the industry
• Support and collaborate on UCalgary Security Awareness programs and initiatives

Qualifications / Requirements:

• University degree in related field or equivalent experience
• Minimum 5 years experience in a regulatory environment or IT security / compliance field
• Management skills, business knowledge and process and people leadership
• Knowledge of published security and privacy standards (ISO, NIST, PCI, etc. security frameworks)
• Prior experience with compliance auditing, audit, compliance and risk management software and documentation in support of audits
• Understanding of technology risk and the ability to perform a assessment of technology risk for software and/or cloud provider
• CISSP, CRISC, CISA, ISO 27001 Lead Implementer or other audit / compliance certifications a plus; PCIP or PCI ISA is a nice to have
• Ability to communicate clearly and concisely to diverse audiences, in both oral and written form and translate technical jargon into business-friendly language
• Technical writing experience must include policies, procedures, business process mapping and guidelines
• Project management experience is a nice to have
• Experience analyzing business processes and putting together process flow and recommending process changes and efficiencies
• Technical background and aptitude including cyber security and cloud knowledge
• Microsoft Office skills (Word, Excel, Visio, PowerPoint)
• Ability to interact with management and staff in a fast-paced team environment
• Ability to maintain confidentiality with having routine access to sensitive information and maintaining confidence of the organization’s information
• May be required to complete the criminal background and credit checks

Application Deadline: June 7, 2022

We would like to thank all applicants in advance for submitting their resumes. Please note, only those candidates chosen to continue on through the selection process will be contacted.

Additional Information

This position is classified in the Professional Career Band, Level P4 of the Management and Professional Staff Career Framework.

To find out more about management and staff opportunities at the University of Calgary and all we have to offer, view our Management and Staff Careers website.

The University strongly recommends all faculty and staff are fully vaccinated against COVID-19.

About the University of Calgary

The University of Calgary is Canada’s leading next-generation university – a living, growing and youthful institution that embraces change and opportunity with a can-do attitude. Located in the nation’s most enterprising city, the university is making tremendous progress on its Eyes High journey to be recognized as one of Canada’s top five research universities, grounded in innovative learning and teaching and fully integrated with the community it both serves and leads. The University of Calgary inspires and supports discovery, creativity and innovation across all disciplines. For more information, visit ucalgary.ca.

The University of Calgary has launched an institution-wide Indigenous Strategy in line with the foundational goals of Eyes High, committing to creating a rich, vibrant, and culturally competent campus that welcomes and supports Indigenous Peoples, encourages Indigenous community partnerships, is inclusive of Indigenous perspectives in all that we do.

As an equitable and inclusive employer, the University of Calgary recognizes that a diverse staff/faculty benefits and enriches the work, learning and research experiences of the entire campus and greater community. We are committed to removing barriers that have been historically encountered by some people in our society. We strive to recruit individuals who will further enhance our diversity and will support their academic and professional success while they are here. In particular, we encourage members of the designated groups (women, Indigenous peoples, persons with disabilities, members of visible/racialized minorities, and diverse sexual orientation and gender identities) to apply. To ensure a fair and equitable assessment, we offer accommodation at any stage during the recruitment process to applicants with disabilities. Questions regarding [diversity] EDI at UCalgary can be sent to the Office of Equity, Diversity and Inclusion ([email protected]) and requests for accommodations can be sent to Human Resources ([email protected]).

We encourage all qualified applicants to apply, however preference will be given to Canadian citizens and permanent residents of Canada.